Module 3 - Attacking the Foundation

Question 1

Which protocol operates at Layer 3 (Network layer) , is connectionless, and delivers packets between hosts without tracking their flow?

Answer 1

IP (Internet Protocol)

Question 2

Which Layer 4( Transport) protocol is typically responsible for managing the flow of packets, since IP does not handle it?

Answer 2

TCP (Transmission Control Protocol)

Question 2

Which field in the IPv4 header contains the value 0100 in binary to indicate that the packet is IPv4?

Answer 2

The Version Field

Question 2

What is known as the technical “envelope” that wraps each data package sent over the internet?

Answer 2

A Packet.

Question 2

Which part of a packet contains control information (like addresses, routing rules)?

Answer 2

The Packet Header.

Question 2

Which part of the packet contains the actual data being sent (like a web request, video, or file)?

Answer 2

The Packet Payload

Question 2

Which IPv4 header field is used to detect transmission errors by checking the contents of the IP header?

Answer 2

Header Checksum

Question 2

Which IPv4 header 2 bits of the DiffServ field are used to signal congestion without dropping packets?

Answer 2

ECN (Explicit Congestion Notification) bits.

Question 2

What do we call the IPv4 part of a packet that focuses just on the delivery instructions (how it moves across networks)?

Answer 2

An IPv4 Packet Header

Question 2

Which 4-bit IPv4 header field specifies the length of the header and has a minimum value of 20 bytes?

Answer 2

The Internet Header Length

Question 2

Which IPv4 header field was formerly called the Type of Service (ToS) and is now used to determine packet priority?

Answer 2

Differentiated Services field (Diffserv)

Question 2

What are the six most significant bits of the DiffServ field called, used to classify and prioritize packets in IPv4 headers?

Answer 2

DSCP (Differentiated Services Code Point)

Question 3

What is the maximum possible size of an IPv4 packet as determined by the Total Length field?

Answer 3

65 535 bytes

Question 3

Which three IPv4 header fields are used to support packet fragmentation and reassembly across networks?

Answer 3

Identification, Flags and fragment offset

Question 3

What happens when the TTL field of an IPv4 packet reaches zero during transit?

Answer 3

The packet is discarded and a ICMP time exceeded message is sent to the source IP Address

Question 3

Which IPv4 field is used to prevent infinite loops by reducing its value each time a router forwards the packet?

Answer 3

TTL (Time-to-live)

Question 3

Which field in the IPv4 header indicates the complete length of the IP packet, including header and user data?

Answer 3

Total length

Question 3

What type of address is always found in the Source IPv4 Address field of a packet?

Answer 3

A unicast address

Question 3

Which IPv4 header field contains the 32-bit binary address of the device that originally sent the packet?

Answer 3

Source IPv4 Address field

Question 3

Which field in the IPv4 header identifies the protocol used in the data payload, such as TCP or UDP?

Answer 3

The Protocol field

Question 3

Which values are commonly found in the Protocol field for ICMP, TCP, and UDP?

Answer 3

ICMP = 1, TCP = 6, UDP= 18

Question 3

Which IPv4 header field contains the 32-bit binary value representing the final destination of the packet?

Answer 3

The destination IPv4 address field

Question 3

What is the purpose of the Options and Padding field in the IPv4 header?

Answer 3

To support optional settings and to ensure the field is a multiple of 32 bits by adding padding if necessary

Question 3

Which vulnerability allows a threat actor to send a packet that appears to originate from a fake source address?

Answer 3

IP spoofing

Question 3

Which type of exploit involves manipulating header fields to split packets into smaller fragments?

Answer 3

Fragmentation attack

Question 3

Which IPv4 header field is reduced by each router to limit how long a packet can circulate in the network?

Answer 3

TTL (Time-to-live)

Question 3

Which header field in an IPv6 packet contains the binary value 0110 to identify the protocol version?

Answer 3

Version

Question 3

Which layer of the OSI model is responsible for passing packets to IP for routing?

Answer 3

Layer 3 (Network layer)

Question 3

Which 8-bit IPv6 field serves the same function as the IPv4 Differentiated Services (DS) field?

Answer 3

The Traffic Class field

Question 4

Which field in the IPv6 header indicates the length of the data portion, excluding the header itself?

Answer 4

Payload length

Question 4

Which 8-bit IPv6 field identifies the type of data being carried and is functionally equivalent to the IPv4 Protocol field?

Answer 4

The Next Header Field

Question 4

Which IPv6 header field replaces the IPv4 TTL field and is decremented by each forwarding router?

Answer 4

The Hop Limit field

Question 4

Which 128-bit field in an IPv6 packet contains the address of the device that originated the packet?

Answer 4

IPv6 Source IP address

Question 4

What is the purpose of extension headers in IPv6?

Answer 4

EH (Extension Headers) provide optional network layer information

Question 4

Which field in the IPv6 header contains the 128-bit address of the intended receiving device?

Answer 4

IPv6 Destination IP Address

Question 4

Which IPv6 feature is used to support tasks like fragmentation, security, and mobility, but is not required in every packet?

Answer 4

An EH (Extension Header)

Question 4

How do IPv6 routers handle packet fragmentation during transit?

Answer 4

They do not handle fragmentation, it must be handles by the source host

Question 5

Which attack uses multiple coordinated systems to flood a target and deny service access?

Answer 5

A (DDoS) Distributed Denial of Service Attack

Question 5

Which attack involves overwhelming a system to prevent legitimate users from accessing services or data?

Answer 5

A DoS (Denial of Service) Attack

Question 5

Which field in IPv6 determines how routers classify and prioritize traffic flows, especially for real-time services?

Answer 5

The flow label Field

Question 5

Which type of attack uses ICMP echo packets to map networks, flood targets, or manipulate routing tables?

Answer 5

ICMP attacks

Question 5

Which attack involves intercepting communication between two systems to capture or manipulate data in transit?

Answer 5

A MiTM (Man in the middle) attack

Question 6

Which type of IP-based attack involves forging the source address to disguise identity and perform blind or non-blind spoofing?

Answer 6

Address Spoofing Attack

Question 6

Which attack starts with physical access to a network and escalates by taking over an active session through packet interception?

Answer 6

A Session hijacking Attack

Question 7

Which type of attack uses ICMP to gather information about network topology, host availability, OS types, and firewall status?

Answer 7

Reconnaissance and scanning attacks

Question 7

Which protocol was developed to carry diagnostic messages and report network errors, such as unreachable routes or hosts?

Answer 7

ICMP (Internet Control Message Protocol)

Question 7

Which ICMP message type is used by the ping command to verify connectivity with a destination?

Answer 7

An ICMP echo request

Question 8

Which ICMP message type is exploited to perform host verification and flood targets in DoS attacks?

Answer 8

ICMP echo request and reply

Question 8

Which ICMP message type helps threat actors map out internal IP address structures?

Answer 8

ICMP mask reply

Question 9

Which ICMP message type can be used to manipulate host routing decisions and redirect traffic through a compromised device?

Answer 9

ICMP redirects

Question 9

Which ICMP message type is used by threat actors for scanning networks and identifying inaccessible systems or services?

Answer 9

ICMP unreachable

Question 10

What activity can ICMP-based reconnaissance reveal about the targeted host, besides its presence on the network?

Answer 10

The hosts operating system via OS fingerprinting

Question 11

Which ICMP message type allows attackers to inject fake routes into a host’s routing table during a reconnaissance attempt?

Answer 11

ICMP router discovery

Question 12

Which type of DoS attack technique involves sending ICMP echo requests to many hosts using the victim’s IP address as the source?

Answer 12

Amplification attack

Question 13

Which type of attack focuses on consuming a target host’s or network’s resources until it crashes or becomes unusable?

Answer 13

Resource exhaustion attack

Question 13

Which DoS technique involves having many hosts respond to a spoofed IP address, causing the victim to be overwhelmed with replies?

Answer 13

Reflection attack

Question 14

In which spoofing type does the threat actor have visibility into the traffic between host and target, allowing for session hijacking and firewall probing?

Answer 14

Non-blind spoofing

Question 15

Which type of spoofing is used when the attacker cannot view return traffic from the target, commonly for DoS attacks?

Answer 15

Blind spoofing

Question 16

Which TCP flag is used to abruptly terminate an existing connection between two hosts?

Answer 16

RST

Question 16

Which TCP control flag indicates that the urgent pointer field is significant and the data should be prioritized?

Answer 16

URG

Question 17

Which TCP control bit is used to signify that the acknowledgment field contains a valid response?

Answer 17

ACK

Question 18

Which TCP control flag instructs the receiver to push the buffered data to the application immediately?

Answer 18

PSH

Question 19

Which TCP control flag is used to begin establishing a TCP connection by synchronizing sequence numbers?

Answer 19

SYN

Question 20

Which TCP control bit indicates that the sender has finished transmitting data?

Answer 20

FIN

Question 21

What is the 1-bit field used to control the state and behavior of a TCP connection?

Answer 21

A flag/ control bit

Question 22

Which TCP service ensures that data segments are retransmitted if no acknowledgment is received in time?

Answer 22

Reliable delivery

Question 23

Which TCP service allows multiple segments to be acknowledged at once, rather than requiring a response for each one?

Answer 23

Flow control

Question 24

Which TCP service involves tracking connection state between two endpoints using a three-way handshake?

Answer 24

Stateful communication

Question 25

Which TCP process must occur before data transmission and involves exchanging three control messages?

Answer 25

A TCP three way handshake

Question 26

What is the first step of the TCP three-way handshake?

Answer 26

The initiating client requests a client to server communication session.

Question 27

What is the second step of the TCP three-way handshake?

Answer 27

The server acknowledges the session and requests a server to client communication session

Question 27

What is the third step of the TCP three-way handshake?

Answer 27

The client acknowledges the server to client communication session

Question 28

Which type of attack floods a target with SYN packets using spoofed IP addresses to consume server resources with half-open connections?

Answer 28

A TCP SYN flood attack

Question 29

In a TCP SYN Flood attack, which part of the three-way handshake does the attacker never send?

Answer 29

An ACK message to the servers SYN-ACK message

Question 30

In a TCP SYN Flood, why can legitimate users not access the web server?

Answer 30

The server becomes overwhelmed with half open TCP connections

Question 31

During a TCP SYN Flood, how does the target server initially respond to each spoofed SYN request?

Answer 31

With a SYN-ACK packet

Question 32

Which type of TCP-based attack abruptly terminates an active TCP session using a spoofed packet?

Answer 32

A TCP reset attack

Question 33

Which attack involves a threat actor taking over an authenticated TCP session by predicting the next sequence number and spoofing an IP address?

Answer 33

TCP session hijacking

Question 33

In TCP session hijacking, what key detail must a threat actor accurately predict to succeed?

Answer 33

The next TCP sequence number

Question 34

Why can a threat actor who hijacks a TCP session only send but not receive data?

Answer 34

They spoof the source IP address and replies go to the legitimate host

Question 35

Which layer 4 protocol is connectionless and used by DNS, DHCP, TFTP, NFS, SNMP, and real-time applications like VoIP?

Answer 35

UDP (User Datagram Protocol)

Question 36

What term is commonly used to describe UDP data units, even though the protocol technically uses datagrams?

Answer 36

Segments

Question 37

Why is UDP preferred for simple request-reply protocols like DHCP?

Answer 37

It avoids overhead of TCP and redirects unnecessary traffic

Question 38

Which type of DoS-style attack sends a high volume of UDP packets to overwhelm a network or host?

Answer 38

UDP flood attack

Question 38

What tools are commonly used to launch UDP flood attacks?

Answer 38

UDP Unicorn and Low orbit ion cannon

Question 39

How is optional network layer information carried by IPv6 packets?

Answer 39

Inside an EH (Extension Header) attached to the main IPv6 header.